Lucene search
+L

121 matches found

BDU FSTEC
BDU FSTEC
added 2022/05/17 12:0 a.m.11 views

The vulnerability of the Datagram TLS implementation in microprogramming-based network interface controllers from Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows attackers to induce service failures.

The vulnerability of the Datagram TLS implementation in Cisco Adaptive Security Appliances ASA and Cisco Firepower Threat Defense FTD lies in insufficient data authentication. Exploiting this vulnerability allows a malicious actor to induce service failure through specially created DTLS traffic...

5.8CVSS7.2AI score0.00685EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2022/05/05 5:15 p.m.3 views

CVE-2022-29491

On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a virtual server is configured with HTTP, TCP on one side client/server, and DTLS on the other...

7.5CVSS7.1AI score0.00868EPSS
Exploits0References1
CNVD
CNVD
added 2021/07/12 12:0 a.m.17 views

Eclipse TinyDTLS encryption issue vulnerability

Eclipse TinyDTLS is a library for Datagram Transport Layer Security DTLS.Eclipse TinyDTLS is vulnerable to an encryption issue that could be exploited by an attacker to compute a key to decrypt DTLS communications...

7.5CVSS2.5AI score0.01045EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2021/04/23 12:0 a.m.15 views

Datagram Transport Layer Security (DTLS) Protocol Detection

Detection of services supporting the Datagram Transport Layer Security DTLS protocol. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/25 6:22 a.m.88 views

Attackers Abusing Citrix NetScaler Devices to Launch Amplified DDoS Attacks

Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller ADC devices that attackers are abusing to launch amplified distributed denial-of-service DDoS attacks against several targets. "An attacker or bots can overwhe...

0.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/09/14 12:0 a.m.291 views

DTLS Service Detection

Nessus was able to detect that the remote service supports DTLS Datagram Transport Layer Security by sending a ClientHello and receiving a HelloVerifyRequest reply. TRUSTED...

5.5AI score
Exploits0
OSV
OSV
added 2020/08/21 2:15 p.m.4 views

UBUNTU-CVE-2020-24585

An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS applicationdata messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application...

5.3CVSS5.8AI score0.00894EPSS
Exploits0References4
CNVD
CNVD
added 2020/05/12 12:0 a.m.2 views

Zephyr Trust Management Issues Vulnerabilities

Zephyr is an open source, small, scalable real-time operating system from the Linux Foundation. A trust management issue vulnerability exists in the UpdateHub module in Zephyr 2.1.0 and later fixed in version 2.2.0, which stems from the program disabling DTLS peer checking. An attacker could use...

5.8CVSS6.6AI score0.01181EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/30 12:0 a.m.3 views

INSIDE Secure MatrixSSL Buffer Overflow Vulnerability (CNVD-2020-22363)

INSIDE Secure MatrixSSL is an embedded, open source SSLv3 stack from INSIDE Secure, France, designed for small applications and devices. INSIDE Secure MatrixSSL suffers from a buffer overflow vulnerability that stems from the DTLS server not properly handling incoming network messages. An attacke...

9.8CVSS7.7AI score0.03632EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2016/12/15 10:11 p.m.7 views

openssl: Padding oracle in AES-NI CBC MAC check

It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by...

5.9CVSS6.9AI score0.89058EPSS
Exploits6References5
BDU FSTEC
BDU FSTEC
added 2016/09/22 12:0 a.m.6 views

The vulnerability of the OpenSSL library, which allows a hacker to trigger a service failure

The vulnerability of the Anti-Replay function in the DTLS library of OpenSSL is related to the incorrect use of large port numbers. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures using fake DTLS records...

5CVSS7.4AI score0.22634EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.7 views

The vulnerability of the OpenSSL software allows a malicious attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability exists in the function dtls1reassemblefragment in d1both.c in OpenSSL, due to an improper check of the length of fragments in DTLS ClientHello messages. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure buffer overflow an...

6.8CVSS7.6AI score0.99977EPSS
Exploits4References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.10 views

The vulnerability of Cisco IPS software allows a malicious actor to trigger a service failure.

The vulnerability in the dtls1getmessagefragment function in d1both.c of OpenSSL allows malicious actors to induce a service failure recursion and abnormal client termination by using the DTLS hello message in an invalid manner...

7.1CVSS6.9AI score0.87892EPSS
Exploits0References12Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.6 views

The vulnerability of the Cisco Unified Communications Manager software allows a malicious actor to execute arbitrary code.

The vulnerability exists in the function dtls1reassemblefragment in d1both.c in OpenSSL, due to an improper check of the length of fragments in DTLS ClientHello messages. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure buffer overflow an...

10CVSS7.5AI score0.99977EPSS
Exploits4References12Affected Software1
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.36 views

Amazon Linux: Security Advisory (ALAS-2012-38)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS8AI score0.16645EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2015/08/18 12:0 a.m.5 views

The vulnerability of the OpenSSL library, which allows a hacker to trigger a service failure

The vulnerability of the dtls1listen function in the OpenSSL library is related to pointer dereferencing errors. Exploiting this vulnerability could allow a malicious actor to cause service failure by generating DTLS traffic due to incorrect isolation of independent data streams...

5CVSS6.5AI score0.07295EPSS
Exploits0References6Affected Software1
CNVD
CNVD
added 2015/06/16 12:0 a.m.3 views

OpenSSL dtls1_clear_queues Function Denial of Service Vulnerability

OpenSSL is an open source implementation of SSL used to enable strong encryption of network communications and is now widely used in a variety of web applications. A security vulnerability exists in the 'dtls1clearqueues' function in OpenSSL's ssl/d1lib.c file due to the failure of the program to...

7.5CVSS6.9AI score0.16587EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2015/03/19 12:0 a.m.4 views

PT-2015-1683 · Openssl +1 · Openssl +3

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.0.2 through 1.0.2a excluding 1.0.2a Description: The issue is related to the dtls1 listen function in OpenSSL, which does not properly isolate state information of independent data streams. This can be exploited by a remote...

5CVSS5.3AI score0.07295EPSS
Exploits0References22
RedHat Linux
RedHat Linux
added 2014/10/16 2:59 p.m.7 views

openssl: SRTP memory leak causes crash when using specially-crafted handshake message

A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol SRTP extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server...

7.1CVSS6.7AI score0.37072EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2014/09/24 4:53 p.m.5 views

openssl: DTLS memory exhaustion

A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory...

5CVSS6.8AI score0.44247EPSS
Exploits0References5
Rows per page
Query Builder